Issues in Module.php (master) - Issues in master - Wolframcheg/symfotest - Measure and Improve Code Quality continuously with Scrutinizer

Issues (55)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/AppBundle/Entity/Module.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Created by PhpStorm.
 * User: device
 * Date: 23.02.16
 * Time: 9:16
 */

namespace AppBundle\Entity;

use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Validator\Constraints as Assert;
use Gedmo\Mapping\Annotation as Gedmo;
use Symfony\Component\HttpFoundation\File\UploadedFile;


/**
 * Module
 *
 * @ORM\Table(name="module")
 * @ORM\Entity(repositoryClass="AppBundle\Repository\ModuleRepository")
 */
class Module implements \JsonSerializable
{
    /**
     * @ORM\Id
     * @ORM\GeneratedValue
     * @ORM\Column(type="integer")
     */
    private $id;

    /**
     * @ORM\Column(name="title", type="string")
     * @Assert\NotBlank()
     */
    private $title;

    /**
     * @ORM\Column(name="rating", type="integer")
     *
     */
    private $rating;

    /**
     * @ORM\Column(name="persent_success", type="integer")
     * @Assert\NotBlank()
     * @Assert\GreaterThan(value = 0)
     * @Assert\LessThan(value = 100)
     */
    private $persentSuccess;

    /**
     * @ORM\Column(name="time", type="integer")
     * @Assert\NotBlank()
     */
    private $time;

    /**
     * @ORM\Column(name="attempts", type="integer")
     * @Assert\NotBlank()
     */
    private $attempts;

    /**
     * @Gedmo\Timestampable(on="create")
     * @ORM\Column(name="created_at", type="datetime")
     */
    private $createdAt;

    /**
     * @Gedmo\Timestampable(on="update")
     * @ORM\Column(name="updated_at", type="datetime")
     */
    private $updatedAt;

    /**
     * @var string
     * @Assert\File(
     *              maxSize = "3M",
     *              mimeTypes = {"image/*"},
     *              maxSizeMessage = "The file is too large ({{ size }}).Allowed maximum size is {{ limit }}",
     *              mimeTypesMessage = "The mime type of the file is invalid ({{ type }}). Allowed mime types are {{ types }}"
     *              )
     */
    private $moduleImage;

    /**
     * @var string
     *
     * @ORM\Column(name="nameImage", type="string", length=255, nullable=true)
     */
    private $nameImage;

    /**
     * @var string
     *
     * @ORM\Column(name="pathImage", type="string", length=255, nullable=true)
     */
    private $pathImage;


    /**
     * @ORM\ManyToOne(targetEntity="AppBundle\Entity\Category", inversedBy="modules")
     * @ORM\JoinColumn(onDelete="SET NULL")
     */
    private $category;

    /**
     * @ORM\OneToMany(targetEntity="AppBundle\Entity\Question", mappedBy="module", cascade={"persist", "remove"})
     */
    private $questions;

    /**
     * @ORM\OneToMany(targetEntity="AppBundle\Entity\ModuleUser", mappedBy="module", cascade={"remove"})
     */
    private $modulesUser;

    public function jsonSerialize()
    {
        return [
            'titleModule' => $this->getTitle(),
            'percentSuccess' => $this->getPersentSuccess()
        ];
    }


    /**
     *
     */
    public function __construct()
    {
        $this->questions = new ArrayCollection();
        $this->modulesUser = new ArrayCollection();
    }

    /**
     * @return mixed
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * @return mixed
     */
    public function getTitle()
    {
        return $this->title;
    }

    /**
     * @param mixed $title
     */
    public function setTitle($title)
    {
        $this->title = $title;
    }

    /**
     * @return mixed
     */
    public function getRating()
    {
        return $this->rating;
    }

    /**
     * @param mixed $rating
     */
    public function setRating($rating)
    {
        $this->rating = $rating;
    }

    /**
     * @return mixed
     */
    public function getPersentSuccess()
    {
        return $this->persentSuccess;
    }

    /**
     * @param mixed $persentSuccess
     */
    public function setPersentSuccess($persentSuccess)
    {
        $this->persentSuccess = $persentSuccess;
    }

    /**
     * @return mixed
     */
    public function getTime()
    {
        return $this->time;
    }

    /**
     * @param mixed $time
     */
    public function setTime($time)
    {
        $this->time = $time;
    }

    /**
     * @return mixed
     */
    public function getAttempts()
    {
        return $this->attempts;
    }

    /**
     * @param mixed $attempts
     */
    public function setAttempts($attempts)
    {
        $this->attempts = $attempts;
    }

    /**
     * @return mixed
     */
    public function getCreatedAt()
    {
        return $this->createdAt;
    }

    /**
     * @param mixed $createdAt
     */
    public function setCreatedAt($createdAt)
    {
        $this->createdAt = $createdAt;
    }

    /**
     * @return mixed
     */
    public function getUpdatedAt()
    {
        return $this->updatedAt;
    }

    /**
     * @param mixed $updatedAt
     */
    public function setUpdatedAt($updatedAt)
    {
        $this->updatedAt = $updatedAt;
    }

    /**
     * @return mixed
     */
    public function getCategory()
    {
        return $this->category;
    }

    /**
     * @param mixed $category
     */
    public function setCategory(Category $category = null)
    {
        $this->category = $category;
    }

    /**
     * @return mixed
     */
    public function getQuestions()
    {
        return $this->questions;
    }

    /**
     * @param Question $question
     * @return $this
     */
    public function addQuestion(Question $question)
    {
        $this->questions->add($question);

        return $this;
    }

    /**
     * @param Question $question
     */
    public function removeQuestion(Question $question)
    {
        $this->questions->removeElement($question);
    }

    /**
     * @return mixed
     */
    public function getModulesUser()
    {
        return $this->modulesUser;
    }

    /**
     * @param ModuleUser $moduleUser
     * @return $this
     */
    public function addModuleUser(ModuleUser $moduleUser)
    {
        $this->modulesUser->add($moduleUser);

        return $this;
    }

    /**
     * @param ModuleUser $moduleUser
     */
    public function removeModuleUser(ModuleUser $moduleUser)
    {
        $this->modulesUser->removeElement($moduleUser);
    }

    /**
     * @return string
     */
    public function getModuleImage()
    {
        return $this->moduleImage;
    }


    /**
     * @param UploadedFile $uploadedFile
     */
    public function setModuleImage(UploadedFile $uploadedFile = null)
    {
        $this->moduleImage = $uploadedFile;
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}
    }

    /**
     * @return string
     */
    public function getNameImage()
    {
        return $this->nameImage;
    }

    /**
     * @param string $nameImage
     */
    public function setNameImage($nameImage)
    {
        $this->nameImage = $nameImage;
    }

    /**
     * @return string
     */
    public function getPathImage()
    {
        return $this->pathImage;
    }

    /**
     * @param string $pathImage
     */
    public function setPathImage($pathImage)
    {
        $this->pathImage = $pathImage;
    }

    public function getCountQuestions()
    {
        return count($this->questions);
    }

}

1		<?php
2		/**
3		* Created by PhpStorm.
4		* User: device
5		* Date: 23.02.16
6		* Time: 9:16
7		*/
8
9		namespace AppBundle\Entity;
10
11		use Doctrine\Common\Collections\ArrayCollection;
12		use Doctrine\ORM\Mapping as ORM;
13		use Symfony\Component\Validator\Constraints as Assert;
14		use Gedmo\Mapping\Annotation as Gedmo;
15		use Symfony\Component\HttpFoundation\File\UploadedFile;
16
17
18		/**
19		* Module
20		*
21		* @ORM\Table(name="module")
22		* @ORM\Entity(repositoryClass="AppBundle\Repository\ModuleRepository")
23		*/
24		class Module implements \JsonSerializable
25		{
26		/**
27		* @ORM\Id
28		* @ORM\GeneratedValue
29		* @ORM\Column(type="integer")
30		*/
31		private $id;
32
33		/**
34		* @ORM\Column(name="title", type="string")
35		* @Assert\NotBlank()
36		*/
37		private $title;
38
39		/**
40		* @ORM\Column(name="rating", type="integer")
41		*
42		*/
43		private $rating;
44
45		/**
46		* @ORM\Column(name="persent_success", type="integer")
47		* @Assert\NotBlank()
48		* @Assert\GreaterThan(value = 0)
49		* @Assert\LessThan(value = 100)
50		*/
51		private $persentSuccess;
52
53		/**
54		* @ORM\Column(name="time", type="integer")
55		* @Assert\NotBlank()
56		*/
57		private $time;
58
59		/**
60		* @ORM\Column(name="attempts", type="integer")
61		* @Assert\NotBlank()
62		*/
63		private $attempts;
64
65		/**
66		* @Gedmo\Timestampable(on="create")
67		* @ORM\Column(name="created_at", type="datetime")
68		*/
69		private $createdAt;
70
71		/**
72		* @Gedmo\Timestampable(on="update")
73		* @ORM\Column(name="updated_at", type="datetime")
74		*/
75		private $updatedAt;
76
77		/**
78		* @var string
79		* @Assert\File(
80		* maxSize = "3M",
81		* mimeTypes = {"image/*"},
82		* maxSizeMessage = "The file is too large ({{ size }}).Allowed maximum size is {{ limit }}",
83		* mimeTypesMessage = "The mime type of the file is invalid ({{ type }}). Allowed mime types are {{ types }}"
84		* )
85		*/
86		private $moduleImage;
87
88		/**
89		* @var string
90		*
91		* @ORM\Column(name="nameImage", type="string", length=255, nullable=true)
92		*/
93		private $nameImage;
94
95		/**
96		* @var string
97		*
98		* @ORM\Column(name="pathImage", type="string", length=255, nullable=true)
99		*/
100		private $pathImage;
101
102
103		/**
104		* @ORM\ManyToOne(targetEntity="AppBundle\Entity\Category", inversedBy="modules")
105		* @ORM\JoinColumn(onDelete="SET NULL")
106		*/
107		private $category;
108
109		/**
110		* @ORM\OneToMany(targetEntity="AppBundle\Entity\Question", mappedBy="module", cascade={"persist", "remove"})
111		*/
112		private $questions;
113
114		/**
115		* @ORM\OneToMany(targetEntity="AppBundle\Entity\ModuleUser", mappedBy="module", cascade={"remove"})
116		*/
117		private $modulesUser;
118
119		public function jsonSerialize()
120		{
121		return [
122		'titleModule' => $this->getTitle(),
123		'percentSuccess' => $this->getPersentSuccess()
124		];
125		}
126
127
128		/**
129		*
130		*/
131	27	public function __construct()
132		{
133	27	$this->questions = new ArrayCollection();
134	27	$this->modulesUser = new ArrayCollection();
135	27	}
136
137		/**
138		* @return mixed
139		*/
140	6	public function getId()
141		{
142	6	return $this->id;
143		}
144
145		/**
146		* @return mixed
147		*/
148	7	public function getTitle()
149		{
150	7	return $this->title;
151		}
152
153		/**
154		* @param mixed $title
155		*/
156	27	public function setTitle($title)
157		{
158	27	$this->title = $title;
159	27	}
160
161		/**
162		* @return mixed
163		*/
164	4	public function getRating()
165		{
166	4	return $this->rating;
167		}
168
169		/**
170		* @param mixed $rating
171		*/
172	27	public function setRating($rating)
173		{
174	27	$this->rating = $rating;
175	27	}
176
177		/**
178		* @return mixed
179		*/
180	3	public function getPersentSuccess()
181		{
182	3	return $this->persentSuccess;
183		}
184
185		/**
186		* @param mixed $persentSuccess
187		*/
188	27	public function setPersentSuccess($persentSuccess)
189		{
190	27	$this->persentSuccess = $persentSuccess;
191	27	}
192
193		/**
194		* @return mixed
195		*/
196	4	public function getTime()
197		{
198	4	return $this->time;
199		}
200
201		/**
202		* @param mixed $time
203		*/
204	27	public function setTime($time)
205		{
206	27	$this->time = $time;
207	27	}
208
209		/**
210		* @return mixed
211		*/
212	5	public function getAttempts()
213		{
214	5	return $this->attempts;
215		}
216
217		/**
218		* @param mixed $attempts
219		*/
220	27	public function setAttempts($attempts)
221		{
222	27	$this->attempts = $attempts;
223	27	}
224
225		/**
226		* @return mixed
227		*/
228	1	public function getCreatedAt()
229		{
230	1	return $this->createdAt;
231		}
232
233		/**
234		* @param mixed $createdAt
235		*/
236		public function setCreatedAt($createdAt)
237		{
238		$this->createdAt = $createdAt;
239		}
240
241		/**
242		* @return mixed
243		*/
244	1	public function getUpdatedAt()
245		{
246	1	return $this->updatedAt;
247		}
248
249		/**
250		* @param mixed $updatedAt
251		*/
252		public function setUpdatedAt($updatedAt)
253		{
254		$this->updatedAt = $updatedAt;
255		}
256
257		/**
258		* @return mixed
259		*/
260	3	public function getCategory()
261		{
262	3	return $this->category;
263		}
264
265		/**
266		* @param mixed $category
267		*/
268	27	public function setCategory(Category $category = null)
269		{
270	27	$this->category = $category;
271	27	}
272
273		/**
274		* @return mixed
275		*/
276		public function getQuestions()
277		{
278		return $this->questions;
279		}
280
281		/**
282		* @param Question $question
283		* @return $this
284		*/
285		public function addQuestion(Question $question)
286		{
287		$this->questions->add($question);
288
289		return $this;
290		}
291
292		/**
293		* @param Question $question
294		*/
295		public function removeQuestion(Question $question)
296		{
297		$this->questions->removeElement($question);
298		}
299
300		/**
301		* @return mixed
302		*/
303		public function getModulesUser()
304		{
305		return $this->modulesUser;
306		}
307
308		/**
309		* @param ModuleUser $moduleUser
310		* @return $this
311		*/
312		public function addModuleUser(ModuleUser $moduleUser)
313		{
314		$this->modulesUser->add($moduleUser);
315
316		return $this;
317		}
318
319		/**
320		* @param ModuleUser $moduleUser
321		*/
322		public function removeModuleUser(ModuleUser $moduleUser)
323		{
324		$this->modulesUser->removeElement($moduleUser);
325		}
326
327		/**
328		* @return string
329		*/
330	27	public function getModuleImage()
331		{
332	27	return $this->moduleImage;
333		}
334
335
336		/**
337		* @param UploadedFile $uploadedFile
338		*/
339		public function setModuleImage(UploadedFile $uploadedFile = null)
340		{
341		$this->moduleImage = $uploadedFile;
		0 ignored issues – show Documentation Bug introduced 2016-03-18 21:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$uploadedFile` can also be of type `object<Symfony\Component...tion\File\UploadedFile>`. However, the property `$moduleImage` is declared as type `string`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
342		}
343
344		/**
345		* @return string
346		*/
347		public function getNameImage()
348		{
349		return $this->nameImage;
350		}
351
352		/**
353		* @param string $nameImage
354		*/
355		public function setNameImage($nameImage)
356		{
357		$this->nameImage = $nameImage;
358		}
359
360		/**
361		* @return string
362		*/
363	2	public function getPathImage()
364		{
365	2	return $this->pathImage;
366		}
367
368		/**
369		* @param string $pathImage
370		*/
371		public function setPathImage($pathImage)
372		{
373		$this->pathImage = $pathImage;
374		}
375
376	3	public function getCountQuestions()
377		{
378	3	return count($this->questions);
379		}
380
381		}

Wolframcheg / symfotest

Issues (55)

Security Analysis not enabled

src/AppBundle/Entity/Module.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like